I ran into an error that was thrown when I was attempting to add a new Relying Party Trust for one of my customers. When executing the following PowerShell code:

    Add-AdfsRelyingPartyTrust -Name "My App Name" `
        -Notes "My App Notes" `
        -MetadataUrl "https://somemetadataurl.com/saml"
I received the following error:
    Add-AdfsRelyingPartyTrust : The request was aborted: Could not create SSL/TLS secure channel.
    At line:1 char:1
    + Add-AdfsRelyingPartyTrust -Name "My App" -Notes "My App Notes"...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Add-AdfsRelyingPartyTrust], WebException
        + FullyQualifiedErrorId : The request was aborted: Could not create SSL/TLS secure channel.,Microsoft.IdentityServer.Management.Commands.AddRelyingPartyTrustCommand
After checking the documentation for the PowerShell cmdlet and some scouring of the internet, I found a solution that involved editing the registry to force .NET Framework applications to use strong cryptography. The error itself means the .NET client on the ADFS server could not negotiate a TLS session with the metadata endpoint, so the fix is on the client side rather than on the remote host.
I changed the following registry key values as instructed (both the native and the Wow6432Node key, so 32-bit and 64-bit .NET processes pick up the change):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\<version>
        SchUseStrongCrypto = (DWORD): 00000001

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\<version>
        SchUseStrongCrypto = (DWORD): 00000001
After making these changes, a reboot of the servers was required to ensure that the new registry values were picked up correctly by all .NET applications on the server (including ADFS).

After the reboot had completed, I ran the PowerShell code mentioned earlier again; this time it executed without error and my new Relying Party Trust was created.
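To check whether an ADFS server already has this setting before touching the registry by hand, the following script audits both keys and, with -Remediate, sets the value. It is an added example and not part of the original post; it assumes the .NET 4.x key name v4.0.30319 (written as <version> above) and an elevated PowerShell session.

```powershell
# Added example (not from the original post): audit, and optionally set,
# SchUseStrongCrypto = 1 under both .NET Framework registry keys so that
# .NET clients on the ADFS server negotiate strong TLS by default.
# Assumptions: the .NET 4.x key name "v4.0.30319" (the post writes <version>)
# and that this runs in an elevated PowerShell session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$FrameworkVersion = 'v4.0.30319',
    [switch]$Remediate
)

$keys = @(
    "HKLM:\SOFTWARE\Microsoft\.NETFramework\$FrameworkVersion",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\$FrameworkVersion"
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        Write-Warning "Key not present: $key"
        continue
    }

    # $null means the value has never been created, so weak defaults still apply.
    $current = (Get-ItemProperty -Path $key -Name SchUseStrongCrypto `
                -ErrorAction SilentlyContinue).SchUseStrongCrypto
    $state = if ($null -eq $current) { 'not set' } else { $current }
    Write-Host "$key : SchUseStrongCrypto = $state"

    if ($Remediate -and $current -ne 1) {
        if ($PSCmdlet.ShouldProcess($key, 'Set SchUseStrongCrypto (DWORD) = 1')) {
            # -Force creates the value if missing or overwrites an existing one.
            New-ItemProperty -Path $key -Name SchUseStrongCrypto `
                -PropertyType DWord -Value 1 -Force | Out-Null
            Write-Host "  -> set to 1; reboot before expecting ADFS to pick it up."
        }
    }
}
```

Run it with -Remediate -WhatIf first to see which keys would change without writing anything.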